linux:skrypt_firewalla

  #!/bin/bash
  # IPv4 NAT gateway: source-NATs 192.168.2.0/24 out of eth0, publishes one
  # inside SSH server on port 1001 and default-denies the gateway's own INPUT.
  # Only iptables (IPv4) is configured here; ip6tables is not touched.

  out_if=eth0                # egress interface matched by the SNAT rule
  trusted_if=eth1            # everything arriving here is accepted on INPUT
  nat_ip=10.0.2.100          # SNAT source address, also matched by the DNAT rule
  inside_net=192.168.2.0/24  # source range that gets source-NATed
  ssh_host=192.168.2.121     # host that receives the port-1001 redirect

  # Append an ACCEPT rule to INPUT; the arguments are the match expression.
  allow_in() {
    iptables -A INPUT "$@" -j ACCEPT
  }

  # Enable IPv4 routing.
  # NOTE(review): forwarding is switched on before any rule is loaded, and this
  # script adds no FORWARD rules and sets no FORWARD policy, so routed traffic
  # is governed by whatever FORWARD policy is already in place (ACCEPT unless it
  # was changed elsewhere). Confirm that is intended.
  printf '1\n' > /proc/sys/net/ipv4/ip_forward

  # FTP connection-tracking and NAT helper modules.
  # NOTE(review): loading the modules does not by itself show the helper is
  # attached to FTP flows; verify on the target kernel.
  for helper in nf_conntrack_ftp nf_nat_ftp; do
    modprobe "$helper"
  done

  # Empty every chain in the filter and nat tables (-F does not reset policies).
  iptables -F
  iptables -t nat -F

  # Traffic addressed to the gateway itself.
  allow_in -i lo
  allow_in -i "$trusted_if"
  allow_in -m state --state ESTABLISHED,RELATED
  # NOTE(review): SSH is accepted from any source on any interface; restrict
  # with -s/-i if administration only comes from a known network.
  allow_in -p tcp --dport 22

  # Outbound translation for the inside range.
  iptables -t nat -A POSTROUTING -o "$out_if" -s "$inside_net" \
    -j SNAT --to-source "$nat_ip"

  # Port 1001 on the NAT address is redirected to SSH on the inside host, which
  # makes that host's sshd reachable from wherever nat_ip is reachable.
  iptables -t nat -A PREROUTING -d "$nat_ip" -p tcp --dport 1001 \
    -j DNAT --to-destination "${ssh_host}:22"

  # Default-deny for INPUT goes last, once the accept rules above exist.
  iptables -P INPUT DROP
#!/bin/sh
# IPv4 firewall for a gateway: default-deny INPUT with a short allow list,
# SNAT for 192.168.1.0/24 leaving via eth1, and a FORWARD allow list that ends
# in REJECT. Only iptables (IPv4) is configured here; ip6tables is not touched.
# NOTE(review): this script does not enable ip_forward; routing has to be
# switched on elsewhere for the FORWARD/NAT rules to matter.

lan_net=192.168.1.0/24  # source range that is NATed and allowed to forward

# Append an ACCEPT rule for NEW connections to INPUT; args are the match.
accept_new_in() {
  iptables -A INPUT -m state --state NEW "$@" -j ACCEPT
}

# Append an ACCEPT rule for NEW connections sourced from lan_net to FORWARD.
accept_new_fwd() {
  iptables -A FORWARD -s "$lan_net" -m state --state NEW "$@" -j ACCEPT
}

# --- INPUT: traffic addressed to the gateway itself -------------------------
iptables -F INPUT
iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# NOTE(review): none of the rules below is limited by interface or source, so
# each service is reachable from every attached network.
accept_new_in -p tcp --dport 22
#accept_new_in -p tcp --dport 80
#accept_new_in -p tcp --dport 21
accept_new_in -p udp --dport 67
# NOTE(review): FTP control port is open (the disabled copy above is the same
# rule); FTP carries credentials in cleartext. Confirm it is still needed.
accept_new_in -p tcp --dport 21
accept_new_in -p icmp --icmp-type echo-request

# --- NAT: only POSTROUTING is flushed; other nat chains keep their rules ----
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -s "$lan_net" -o eth1 \
  -j SNAT --to-source 10.0.3.100
#iptables -t nat -A POSTROUTING -s "$lan_net" -o eth1 -j MASQUERADE

# --- FORWARD: routed traffic; no policy is set, the chain ends in REJECT ----
iptables -F FORWARD
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
for port in 80 443; do
  accept_new_fwd -p tcp --dport "$port"
done
# 53 is allowed over UDP only; 500 and 4500 are the IKE / NAT-T ports.
for port in 53 500 4500; do
  accept_new_fwd -p udp --dport "$port"
done
#accept_new_fwd -p esp
accept_new_fwd -p icmp --icmp-type echo-request
# NOTE(review): accepts anything that enters and leaves via eth0, with no
# source or state match. SNAT egress is eth1, so eth0 is presumably the inside
# interface; confirm this hairpin rule is intended.
iptables -A FORWARD -i eth0 -o eth0 -j ACCEPT

# Everything not accepted above is refused with an ICMP error.
iptables -A FORWARD -j REJECT